New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
User avatar
Ger
Recognised Extension Developer
Posts: 1875
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Ger » Tue May 08, 2018 5:41 pm

thecoalman wrote:
Tue May 08, 2018 3:04 pm
Ger wrote:
Tue May 08, 2018 1:48 pm
So basically, if your board targets for instance Italian chefs, your board has to comply to EU law.
If your company does not have a physical/financial presence in the EU it's unenforceable.
It's enforceable by blocking access. That's usually how they do it: comply or get the ... out of here.
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

Tomba
Registered User
Posts: 134
Joined: Tue Jun 18, 2002 7:52 am
Location: Belgium
Name: Steven De Groote
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Tomba » Tue May 08, 2018 9:49 pm

Not sure if asked before here, but because PM's are private data, and when banned, members can't access them anymore, wouldn't that be an issue?

I mean, wouldn't it be good to just disable posting and PMing when users are banned? Or is there something that I now overlook?

User avatar
Lumpy Burgertushie
Registered User
Posts: 66724
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Lumpy Burgertushie » Tue May 08, 2018 10:41 pm

if you ban a user they can not log it at all. so no, they will not be able to post or PM etc. etc.

also, who says that a private message is personal data in this situation? a private message that just says "hi" does not contain any personal data.
if the PM says "hi, my address is 123 anystreet" then that may be considered personal data.

it is all these different possibilities that makes this whole thing just dumb.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

User avatar
Ger
Recognised Extension Developer
Posts: 1875
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Ger » Wed May 09, 2018 7:20 am

Lumpy Burgertushie wrote:
Tue May 08, 2018 10:41 pm
also, who says that a private message is personal data in this situation? a private message that just says "hi" does not contain any personal data.
if the PM says "hi, my address is 123 anystreet" then that may be considered personal data.
Any private (as in: not public) conversation is considered personal. If you have to make the contents of the conversation public to prove it's personal, it can never be considered personal since it's public by default.

Also: even the meta data is considered personal. So if I send you a PM with no contents at all, it's still considered personal. Just the fact that we have a 1:1 conversation is nobody's business but ours.
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

User avatar
tojag
Registered User
Posts: 400
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Wed May 09, 2018 8:38 am

At this point, we become a service provider similar to e-mail. This is subject to specific requirements resulting from GDPR but also from telecommunications law. At least in my country.
As I wrote, I have a reason for submitting for moderation - the post contains personal data. If someone reports it to me or I can see it myself, I will delete it. In particular, this applies to posts from deleted accounts. But I still have no certainty that it is enough to keep posts after deleting the account. Remember, personal data, even if published, is still personal data and the owner still has rights under GDPR.
Sorry my english. I hope You understand what I mean.

rajpb
Registered User
Posts: 29
Joined: Sat Mar 24, 2018 11:12 pm

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by rajpb » Wed May 09, 2018 8:50 am

pm qualify for secrecy of correspondence, so yes, they are personal data

User avatar
Acorn
Registered User
Posts: 397
Joined: Tue Sep 26, 2006 8:11 am
Location: UK
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Acorn » Wed May 09, 2018 9:09 am

If an account is anonymised and deleted but the posts are kept, I know that unread PMS are deleted, but presumably ones that have been read (and are therefore in someone else's inbox) are kept.

If the user is deleted and their posts are not kept, are the read PMs also deleted completely? Do they disappear from the recipients' inboxes?
Getting braver all the time. :D

User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 3299
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by thecoalman » Wed May 09, 2018 9:50 am

Ger wrote:
Tue May 08, 2018 5:41 pm
It's enforceable by blocking access. That's usually how they do it: comply or get the ... out of here.
Yes they can do that but managing something like that is a monumental task not to mention the frustration of EU users who will be unable to access those resources. It's not really censorship but that is about what it would amount to.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison

User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 3299
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by thecoalman » Wed May 09, 2018 10:03 am

Acorn wrote:
Wed May 09, 2018 9:09 am
If the user is deleted and their posts are not kept, are the read PMs also deleted completely? Do they disappear from the recipients' inboxes?
Just ran a test on this, I created a test user and sent a PM to myself while logged in as the test user. I logged in as me, read the message and then deleted the user. The message is not deleted and that IMO is the correct behavior.
subject
This message was sent by a user no longer registered.
by Anonymous » Wed. May. 09, 2018 6:00 am
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison

User avatar
AmigoJack
Registered User
Posts: 5612
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by AmigoJack » Wed May 09, 2018 12:05 pm

Acorn wrote:
Wed May 09, 2018 9:09 am
If the user is deleted and their posts are not kept
That will delete his
  • posts
  • reports
  • uploaded avatar
  • authentication link
  • entry in any group
  • watched topics
  • topic tracks
  • individual permissions
  • forum tracks
  • profile fields content
  • drafts
  • bookmarks
  • sessions
  • PM folders and rules
  • log entries
  • friends/foes
  • bans
  • PMs that are yet not read by recipients
A PM is stored only once in the database - already sending it to only one recipient (instead of multiple) makes it two participants who will look at the same text. So an accurate test should include multiple PMs: one being sent and not yet read by the recipient, one being sent and read by the recipient, and one being sent to multiple recipients where one of them has read it and one of them not.
The worst thing about censorship is ███████████
Affin wrote:
Tue Nov 20, 2018 9:51 am
The problem is probably not my English but you do not want to understand correctly.
...
We will not come anybody anyway, nevertheless, it's best to shit this.

User avatar
tojag
Registered User
Posts: 400
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Wed May 09, 2018 12:20 pm

This is ok because receiver becomes now owner this message not a sender. If there any personal data in this PM, the receiver becomes the administrator. But he does not under GDPR because hi probably use a forum account for his personal usage as a usually user. Only the board owners are a data controllers in the GDPR understanding. Administrators and moderators with access to personal data are entities acting on behalf of the forum owner. If they are external entities, they should have agreements and authorizations from the owner to access and process data.
Regards
Sorry my english. I hope You understand what I mean.

User avatar
Talk19Zehn
Registered User
Posts: 374
Joined: Tue Aug 09, 2011 1:10 pm
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Talk19Zehn » Wed May 09, 2018 1:45 pm

PM´s - had this way possible?

Hi, before deleting a user, it may be advisable to clean up the outbox:
ACP / Users and Groups / Manage User / Find a member /
=> Overview => Basic tools => Quick tools ===> Select Option => Empty PM outbox
Only one consideration and from my side at this moment the results are untested.
World Meteorological Organization (WMO) Weather - Climate - Water
BTW: My own works - phpBB - read more: ongray-design-de or look here: phpBB VT Theme
Style: Star Trek - StarTrekExcerpts - Fan-Board

User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 3299
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by thecoalman » Wed May 09, 2018 3:05 pm

Talk19Zehn wrote:
Wed May 09, 2018 1:45 pm
PM´s - had this way possible?

Hi, before deleting a user, it may be advisable to clean up the outbox:
ACP / Users and Groups / Manage User / Find a member /
=> Overview => Basic tools => Quick tools ===> Select Option => Empty PM outbox
Only one consideration and from my side at this moment the results are untested.
The outbox only contains messages that have been composed and the recipient has not opened their inbox. They can be edited or even fully deleted by the sender if it's in the outbox, deletion at this point would remove it from the database. When the recipient opens their inbox the message in the senders outbox is moved to their sentbox. Once in the sentbox the message needs to be deleted by both the sender and recipient before it's deleted from the database.

Emptying a users outbox is useful if for example you have a spammer that sent 100's of PM's and you do not want to delete the account.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison

User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 3299
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by thecoalman » Wed May 09, 2018 3:13 pm

AmigoJack wrote:
Wed May 09, 2018 12:05 pm
and one being sent to multiple recipients where one of them has read it and one of them not.
I didn't test multiple recipients but I'm pretty sure it moves to sentbox once opened by single recipient.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison

User avatar
GanstaZ
Registered User
Posts: 804
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by GanstaZ » Wed May 09, 2018 3:57 pm

I don't see a problem in bans. If a member/user violates rules & will be punished (banned), gdpr police will bite his/her ass, because rules apply to both sides => owners/admins/mods & users/customers. If ban is permanent, then only thing to do is to ask a deletion of the account.
"When answer lies in the question,.. question becomes redundant!"

Post Reply

Return to “phpBB Discussion”